OVERNIGHT TECH: Cybersecurity debate finally under way

THE LEDE: After months of meetings behind closed doors, the debate over cybersecurity legislation in the Senate went public Tuesday with the introduction of a comprehensive bill from the leadership of the Senate Homeland Security and Commerce Committees. The legislation would reform the law governing how federal agencies secure their networks, encourage information sharing between the public and private sectors on cyber threats, and implement some light-touch regulations on private firms deemed crucial to national security.

But cybersecurity experts who have reviewed the bill say contractors' lobbying efforts have already gutted many of the measures to secure the nation's networks. Center for Strategic and International Studies Director James Lewis said the high thresholds for covered critical infrastructure and exclusions for commercial IT are problematic. SANS Institute research director Alan Paller said a handful of tech industry representatives have been able to pump the bill so full of loopholes that its protections have been "decimated. But cybersecurity is still a young policy issue, so the passage of any legislation will likely be viewed as a political win.

Reactions:

"The six [tech industry representatives] demanded so many
loopholes in the draft bill that it ought to be renamed the "Chinese
cyber espionage protection act," because it enables attackers while
hamstringing defenders; and they continue to demand more loopholes.
These six people, had they worked for the auto industry in Washington
in the 50s, would have said, 'requiring seat belts in cars is government
over-regulation, but we are patriots here to protect the American
people, so we will support the bill, as long as it applies only to cars
with three wheels.'" — Alan Paller, SANS Institute

"TechAmerica remains committed to further refinement of the legislation to ensure the private sector has a strong voice at the table. We hope that Congress will follow the tenet of first, do no harm, while being mindful that legislating on a complex technical issue of cybersecurity can have many possible unintended consequences. It is paramount that we preserve industry’s ability to continue to innovate and be flexible to respond to the evolving cyber threat landscape.” — Dan Varroney, acting president and CEO of TechAmerica

On tap Wednesday: The Federal Communications Commission will hold its
monthly meeting and consider regulations to protect consumers from
unwanted robocalls. The proposed rules would require consumers to have
given prior consent before receiving robocalls, and would allow them to
easily opt out of receiving further robocalls. The commission will
also discuss streamlining the licensing rules for cellular service and
expanding outage reporting to Voice over Internet Protocol (VoIP)
providers.

Signing off: This will be my last edition of Overnight Tech. Brendan Sasso will bring you all the tech news you need from here on.